43ce078ad39423180d2669f8d016d0727cbe259dd52815888083f7af9e343e89 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_c6d1af6e02612abfb8cb8a3dfa2e4534_mafia
Size

184KB
Sample

240829-n7ah7ssdml
MD5

c6d1af6e02612abfb8cb8a3dfa2e4534
SHA1

b67b590955a63f2b27b0c063b6319b2efdd295d0
SHA256

43ce078ad39423180d2669f8d016d0727cbe259dd52815888083f7af9e343e89
SHA512

a6c20abe3dc0f86f0c5b1ddb49f4b230a1cabdf6c5eea1b5d433ea862eeca413c288a78a3b18e830ec35f87abeda2841b3aa7132a07c69dcf5f4427f96bd1dc0
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3z:/7BSH8zUB+nGESaaRvoB7FJNndnm

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  2024-08-29_c6d1af6e02612abfb8cb8a3dfa2e4534_mafia
- Size
  
  184KB
- MD5
  
  c6d1af6e02612abfb8cb8a3dfa2e4534
- SHA1
  
  b67b590955a63f2b27b0c063b6319b2efdd295d0
- SHA256
  
  43ce078ad39423180d2669f8d016d0727cbe259dd52815888083f7af9e343e89
- SHA512
  
  a6c20abe3dc0f86f0c5b1ddb49f4b230a1cabdf6c5eea1b5d433ea862eeca413c288a78a3b18e830ec35f87abeda2841b3aa7132a07c69dcf5f4427f96bd1dc0
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3z:/7BSH8zUB+nGESaaRvoB7FJNndnm
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution